package com.woniuxy.realm;

import javax.annotation.Resource;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

import com.woniuxy.pojo.User;
import com.woniuxy.service.UserService;

public class UserRealm extends AuthorizingRealm{
	@Resource
	private UserService userService;

	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		return null;
	}

	
	//认证的方法：从数据库中查询当前用户的信息（账号密码等）
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		//获取用户提交的账号
		String account = (String) token.getPrincipal();
		//假设通过账号从数据库查询出数据
		User resultUser = userService.findUserByAccount(account);
		//获取盐值
		ByteSource salt = ByteSource.Util.bytes(resultUser.getAccount());
		SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(resultUser.getAccount(), resultUser.getPass(), salt, getName());
		//如果该方法的返回值为null，代表没有在数据库查到账号
		return info;
	}

}
